UA53949A - Method for indeterministic cryptographic conversion of data blocks - Google Patents

Abstract

The proposed method for indeterministic cryptographic conversion of data blocks consists in generating a code key as a set of key elements, dividing the data block into data block elements, and alternately converting the data block elements by using controlled substitutions. The substitution table is drawn up as a rectangle with dimensions that depend on the dimension of the data block element being coded. The conversion by the controlled substitutions is accomplished alternately in two directions so that the rows of the substitution table are used for conversion in one direction and the columns of the table are used for conversion in the other direction. The number of the next substitution is determined depending on the preceding coded data block element. Between the operations of conversion in each direction, the operation is accomplished for summing the data block element with the code key that is determined depending on the value of the last coded data block element preceding the current controlled substitution operation.

Description

Description of the invention

The invention relates to the field of computing, namely to methods and devices of cryptographic 2 data transformation.

A known non-deterministic method of encrypting data blocks, patent No. 2106752 of the Russian Federation, IPC 6 НО4й 9/00. Publ. 10.03.98. Bul. Mo 7. The method includes the formation of an encryption key in the form of a set of subkeys, the generation of machine code of an encryption program, the breakdown of a block of data into subblocks and the successive transformation of subblocks, which differ from known methods in that they additionally form a binary vector, and on the -th subblock 8, where / 70 1,2, 3..., M » 2 is the number of subblocks, superimpose the /th subkey, where ; - 1, 2, Z, ...., x » 8 is the number of subkeys, while the value of the formed binary vector is assigned the value ; connect The binary vector itself is formed according to the structure of the ;/th subblock B, 1-1, 2, 3,..., M, and / 2, and the number of the subkey superimposed on the subblock in the previous superimposition step.

In this method of encryption, the previous generation of the machine code of the program is used, as a result of which this method requires significant preliminary calculations. In a number of cases where encryption of small blocks of data using different keys is required, this method cannot be used.

The cipher based on controlled substitutions is the closest in terms of essential features to the proposed method (see Moldovyan, A.A., Moldovyan, N.A., Sovetov, B.Ya. Cryptography SP b Izd. "Doe", 2000. pp. 136 - 142). Encryption is performed as follows. The input block of 64 bits is divided into 8 sub-blocks Bo, bu, Bo, 67 of size 8 bits each. After that, a binary vector y is formed, which has the value of the 5 lowest binary digits of the Bo sub-block: y "- Bo toa 29. Then, over the block B. and subkey Ki, a bit-by-bit summation operation is performed modulo 2, and the output value of the result of this operation is assigned to the block 54:54 4 B FC.

Then, according to the table of substitutions with the number M, a substitution operation is performed over the bu block:

Bri "- Zu(ri). Based on the value of B, a binary vector y is formed. in "- in Ф (61 tod 25), while the new value " of the binary vector depends on the previous value. After that, a substitution operation is performed on the subblock ro: ro «- Zu(bo) . Subblocks Бз, бу, б5, бб, б7 are similarly converted. At the last step of each encryption cycle, the blocks are rearranged in the reverse direction.

In this algorithm, 5 out of 8 bits of the subblock are used to select one of the substitutions, which significantly (o) worsens the indicators of the avalanche effect. The operation of forming a binary vector in slows down the speed of the algorithm, further complicating its cryptographic analysis.

The invention is based on the goal of creating a non-deterministic method of cryptographic transformation (o) of data blocks, in which a new sequence of actions would ensure high indicators of the avalanche effect, stability, simplicity and speed of transformation.

Such a technical result can be achieved by the fact that in the non-deterministic method of cryptographic I) transformation of data blocks, which consists in the formation of an encryption key in the form of a set of subkeys, the breakdown of a data block into subblocks and the alternate transformation of subblocks based on controlled substitutions, according to the invention, the table of substitutions is provided in the form of a Latin rectangle, the dimensions of which are determined by the encrypted sub-block, and the real transformation based on controlled substitution is performed alternately in two directions, while row substitutions are used in one direction, and column substitutions of the Latin rectangle are used in the other direction, at the same time, the number of each successive specific substitution is set by the previous encrypted subblock, and between the transformations in each of the directions, the operation of adding data subblocks with a key selected parametrically depending on the value of the last encrypted subblock preceding the current controlled substitution operation is introduced who

The claimed method allows to improve the indicators of the avalanche effect by the number of cycles by 5-6 times. o The uncertainty of the cryptanalyst on each transformation cycle increases from 2 35 to 264. In addition, in 2) the algorithm uses not 32 but 512 substitutions, which leads to an increase in the stability of the algorithm.

The cryptographic stability of the new encryption algorithm turns out to be much higher. By reducing the number of cycles, it is possible to get a gain in encryption speed. The method allows to increase the speed of their 20 transformation by more than two times, while maintaining the same stability. The method uses only three different operations, such as controlled substitution, parametric selection of subkeys, adding a key to c of the transformed block, which speaks of the simplicity of the method, which has an advantage over complex and confusing ones.

It is easier to implement and debug. In addition, and more importantly, it is transparent for analysis and more understandable. The given method allows you to reduce the compression ratio of encrypted data after the first cycle of 22 data transformations by 2 - 3 times, while increasing the speed of transformations. This was achieved not only due to the increase in the number of substitutions, but also due to the fact that they must necessarily form a Latin rectangle (square), which is impossible in the previous structure of the algorithm. Moreover, the operation of parametric subkey selection provides additional ambiguity in the key space. Thanks to the alternating use of controlled substitution operations and parametric selection of subkeys, the method achieves the necessary stability, speed and simplicity of transformations.

Fig. 1 shows a computing device, Fig. 2 is a controlled substitution operation, where strings of a Latin rectangle are used as substitutions, Fig. 3 is a key operation, where the key is selected depending on the last data subblock, Fig. 4 is a controlled substitution operation, where the columns of the Latin rectangle are used as substitutions, Fig. 5 is a key operation where the key is selected depending on the first sub-block of data.

The proposed method can be implemented using the computing device represented by the block diagram in Fig. 1, where the user password input device 1, the encryption key generation unit 2, the value matrix generator with the properties of the Latin rectangle Z, the user password transmission bus 4

TO block 2, bus for transferring formed subkeys 5, bus for transferring values of formed elements of the Latin rectangle 6, encryption device 7, in which there is a memory block of formed subkeys 8, a memory block of elements of a Latin rectangle 9, operating block of an encryption device 10, a bus transmission of keys 11, address buses 12 and 13, bus for transferring elements of the Latin rectangle 14, bus for the output of encrypted text 15; input data bus 16. 70 Using block 1, a secret key with a size of, for example, 128 bits is entered, the value of which is transferred to block 2 via bus 4. In block 2, an expanded encryption key is formed by cyclically shifting the existing cipher key by /l digits to the left, where / - 0, 1, 2, ..., 255. Each generated subkey is transferred via bus 5 to memory block 8. In block C, a matrix of values is generated once for the entire algorithm, the columns of which have no matches, and the rows have no matches repetitions The matrix of values is called a Latin rectangle. 7/5 The received values are transmitted via bus 6 to the memory block 9, where they are stored. After that, the encryption device 7 is ready for cryptographic transformations. The input information B, for example 128 bits in size, is fed to the bus 16 and it enters the operating unit 10, where it is placed in the form of a set of sub-blocks B0, B4,..., Bl, where t is 15, 8 bits each, and the sub-blocks are written at fixed addresses. A transformation based on controlled substitutions, where strings of a Latin rectangle are used as substitutions, is shown in Fig.2. The first two sub-blocks are Vo, Vi. get on the addressing bus 13, thereby specifying the choice of one of the possible values Zvo, vi of the Latin rectangle in the memory block 9. The selected value, 5 vo, vi passes through the bus 14 to the block 10 and is assigned to the sub-block Vo, Vi "- (Vo , Vi). Next, the next two blocks Во, Ві get on the addressing bus 13, thereby specifying the choice of one of the possible values, Зво, ви of the Latin rectangle in the memory block 9. The selected value Зво, ві reaches block 10 through bus 14 and is assigned to the sub-block B », B» «- Z(Vo, Vi). Similarly, the transformation of sub-blocks B z, B/,..., Viv is performed: Vy "- (Vy, Vy), where n - Z, ..., 15. The next key " transformation is shown in Fig. 3, in which the sub-block B 15 gets on the addressing bus 11 and thus sets one of the possible subkeys A" in block 8. The selected subkey Av" goes through bus 11 to block 10, where it is summed up with subblocks Во, В.4..., Ві4і: В -- In F Kvdviv. The following transformation based on controlled substitutions, where the columns of the Latin rectangle are used as substitutions, is shown in Fig.5. The last two sub-blocks b"

Viv, Vi4 get on the addressing bus 13, thereby specifying the choice of one of the possible values Zv15, B14 " of the Latin rectangle in the memory block 9. The selected value enters the block 10 through the bus 14 and is assigned to the sub-block Vil: B414 "- (Viv, Vi4). Subblocks B 43, B42, ..., Vo are converted similarly; You "- Z(Ex. 1, b"

You), where n is 13, 12, 11, ..., 0. The next key transformation is shown in Fig. 3, in which the sub-block Vo falls on the address bus 12 and thus sets one of the possible sub-keys K in block 8. The selected subkey Kvo enters 325 bus 11 in block 10, where it is summed up with subblocks B, Vo, Vz,..., Viv: B «- Z Kvuv. at

Claims (1)

The formula of the invention " 50 The method of non-deterministic cryptographic transformation of data blocks, which consists in the formation of the encryption key C in the form of a set of subkeys, the breakdown of the data block into sub-blocks and the alternate transformation of sub-blocks based on controlled substitutions, which is distinguished by the fact that the table of substitutions is presented in the form of a Latin rectangle, the dimension of which is determined by the encrypting sub-block, namely, the transformation based on controlled substitution is performed alternately in two directions, and in one direction, row substitutions are used, and in the other direction, Latin rectangle substitutions are used, while the number of each successive specific substitution is set previous encrypted sub-block, and between the transformations in d) each of the directions is introduced the operation of adding sub-blocks of data with a key chosen parametrically depending on the value of the last encrypted sub-block preceding the stream operation of the managed IS, substitution. iz 50 iChe) R 60 b5